If you have forgotten or lost the administrator password for your Sonicwall firewall appliance, you might think that the only option is to reset the device to factory default settings and reconfigure it from scratch. However, this is not always the case. There are some methods that can help you recover or reset the password without losing your configuration.
In this article, we will show you how to crack a Sonicwall firewall password using two different approaches: one that uses the safe mode utility and another that uses a script to extract the password hashes from the configuration file.
Using the safe mode utility
The safe mode utility is a feature that allows you to boot the Sonicwall appliance to a special mode where you can access the web interface with default credentials and perform some basic tasks, such as importing a backup file, upgrading the firmware, or resetting to factory default settings.
To use the safe mode utility, you need to follow these steps[^1^]:
1. Connect a computer to the X0 interface of the Sonicwall appliance with an Ethernet cable.
2. Set your computer's IP address to 192.168.168.20 and the gateway to 192.168.168.168.
3. Power off the Sonicwall appliance and then power it on again.
4. When the Test light starts blinking, press and hold the reset button until it turns solid.
5. Open a web browser and go to https://192.168.168.168.
6. Enter the default username and password: admin / password.
7. Select Boot current firmware with Factory Default Settings and click Accept.
8. Wait for the Sonicwall appliance to reboot and then log in again with the default credentials.
9. Register the Sonicwall appliance by following the prompt in the upper right-hand corner of the web interface.
10. If you have a backup file of your configuration, import it by going to System > Settings > Import Settings.
11. If you do not have a backup file of your configuration, you will need to reconfigure the Sonicwall appliance from scratch.
12. After importing or reconfiguring your settings, you can change the administrator password by going to System > Administration.
Using a script to extract password hashes
If you have access to the configuration file of your Sonicwall appliance, you can use a script called sonijohn[^2^] to extract the usernames and password hashes of all local user accounts. The script will decode the base64-encoded configuration file and format the output in a way that can be used by John the Ripper, a popular password cracking tool.
To use sonijohn, you need to follow these steps:
1. Download and install John the Ripper on your computer.
2. Download and install git on your computer.
3. Clone sonijohn from GitHub by running: git clone https://github.com/commonexploits/sonijohn.git
4. Navigate to the sonijohn directory by running: cd sonijohn
5. Make sonijohn executable by running: chmod +x sonijohn.sh
6. Run sonijohn and point it to your configuration file by running: ./sonijohn.sh /path/to/config/file
7. The script will output a list of usernames and password hashes in John format. Save this output to a file by running: ./sonijohn.sh /path/to/config/file > hashes.txt
8. Run John the Ripper on the hashes file by running: john hashes.txt
9. Wait for John to crack some or all of the passwords. You can check the progress by running: john --status
10. Show the cracked passwords by running: john --show hashes.txt
Note that this method may not work for all versions of Sonicwall appliances or configuration files. Also, cracking passwords may take a long time depending on their complexity and your computer's resources.
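Because the exported configuration file carries the local accounts' password hashes, every stored copy of it should be protected like a credential. The script below is an added example, not part of sonijohn or the original article: it audits a backup directory for base64-encoded exports that users other than the owner can read or write, and tightens their permissions. The .exp file extension and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit a backup directory for Sonicwall settings exports
# that users other than the owner can read or modify.
# Assumption (not from the article): exports are saved with a .exp extension.

# is_b64_export FILE: succeed if FILE is non-empty and contains only
# base64 characters, matching the base64-encoded export the article describes.
is_b64_export() {
    [ -s "$1" ] || return 1
    ! tr -d '\r\n' < "$1" | grep -q '[^A-Za-z0-9+/=]'
}

# audit_exports DIR: print each export under DIR whose mode grants
# read or write access to group or other, one path per line.
audit_exports() {
    find "$1" -type f -name '*.exp' \
        \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) |
    while IFS= read -r f; do
        if is_b64_export "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# fix_exports DIR: restrict every flagged export to owner read/write only.
fix_exports() {
    audit_exports "$1" | while IFS= read -r f; do
        chmod 600 "$f"
    done
}

# When run with a directory argument, list the exports that need attention.
[ "$#" -eq 0 ] || audit_exports "$1"
```

An empty result from audit_exports means no export under the directory is accessible beyond its owner; the copies should also be kept off shared drives and ticket attachments, which file modes do not cover.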